CWE-524 (Information Exposure Through Caching) — Vulnerability Class 28

28 vulnerabilities classified as CWE-524 (Information Exposure Through Caching). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-14806 | IBM Planning Analytics Information Disclosure — Planning Analytics Local | 5.7 | Medium | 2026-03-17 |
| CVE-2026-27205 | Flask session does not add `Vary: Cookie` header when accessed in some ways — flask | 7.5 (AI) | High (AI) | 2026-02-21 |
| CVE-2026-25540 | Mastodon's signature-dependent ActivityPub collection responses cached under signature-independent keys (Web Cache Poisoning via `Rails.cache`) — mastodon | 6.5 | Medium | 2026-02-04 |
| CVE-2026-24472 | Hono cache middleware ignores "Cache-Control: private" leading to Web Cache Deception — hono | 5.3 | Medium | 2026-01-27 |
| CVE-2025-69202 | axios-cache-interceptor Vulnerable to Cache Poisoning via Ignored HTTP Vary Header — axios-cache-interceptor | 9.1 | - | 2025-12-29 |
| CVE-2025-64696 | Brother iPrint&Scan security vulnerability — Android App "Brother iPrint&Scan" | 6.2 (AI) | Medium (AI) | 2025-12-09 |
| CVE-2025-64762 | authkit-nextjs may let session cookies be cached in CDNs — authkit-nextjs | 4.2 | - | 2025-11-21 |
| CVE-2025-61598 | Discourse is missing Cache-Control response header on error responses — discourse | 5.3 (AI) | Medium (AI) | 2025-10-28 |
| CVE-2025-9901 | Libsoup: improper handling of http vary header in libsoup caching — Red Hat Enterprise Linux 10 | 5.9 | Medium | 2025-09-03 |
| CVE-2025-57752 | Next.js Affected by Cache Key Confusion for Image Optimization API Routes — next.js | 6.2 | Medium | 2025-08-29 |
| CVE-2025-5141 | Core Privileged Access Manager (BoKS) Leakage of Sensitive Data via the Cache — Core Privileged Access Manager (BoKS) | 5.5 | Medium | 2025-06-17 |
| CVE-2025-4233 | Prisma Access Browser: Inappropriate implementation in Cache — Prisma Access Browser | 7.5 (AI) | High (AI) | 2025-06-12 |
| CVE-2023-37517 | HCL Domino Volt and Domino Leap are affected by missing "no cache" headers — HCL Domino Leap | 3.2 | Low | 2025-04-30 |
| CVE-2023-37516 | HCL Leap is affected by missing "no cache" headers — HCL Leap | 3.2 | Low | 2025-04-24 |
| CVE-2024-30127 | HCL Leap is affected by missing "no cache" headers — HCL Leap | 3.2 | Low | 2025-04-24 |
| CVE-2024-12314 | Rapid Cache <= 1.2.3 - Unauthenticated Cache Poisoning — Rapid Cache | 7.2 | High | 2025-02-18 |
| CVE-2024-49580 | JetBrains Ktor framework security vulnerability — Ktor | 5.3 | Medium | 2024-10-17 |
| CVE-2024-45596 | Directus's session is cached for OpenID and OAuth2 if `redirect` is not used — directus | 7.4 | High | 2024-09-10 |
| CVE-2024-41906 | Siemens SINEC Traffic Analyzer security vulnerability — SINEC Traffic Analyzer | 4.8 | Medium | 2024-08-13 |
| CVE-2024-33004 | Insecure Storage vulnerability in SAP BusinessObjects Business Intelligence Platform (Webservices) — SAP BusinessObjects Business Intelligence Platform (Webservices) | 4.3 | Medium | 2024-05-14 |
| CVE-2024-0874 | Coredns: cd bit response is cached and served later | 5.3 | Medium | 2024-04-25 |
| CVE-2024-27917 | Shopware's session is persistent in Cache for 404 pages — shopware | 7.5 | High | 2024-03-06 |
| CVE-2023-37486 | Information Disclosure vulnerability in SAP Commerce (OCC API) — SAP Commerce (OCC API) | 5.9 | Medium | 2023-08-08 |
| CVE-2022-3292 | Use of Cache Containing Sensitive Information in ikus060/rdiffweb — ikus060/rdiffweb | 6.5 | - | 2022-09-28 |
| CVE-2021-24027 | Facebook WhatsApp security vulnerability — WhatsApp Business for Android | 7.5 | - | 2021-04-06 |
| CVE-2019-14997 | Atlassian Jira security vulnerability — Jira | 4.3 | - | 2019-09-11 |
| CVE-2019-11244 | kubectl creates world-writeable cached schema files — Kubernetes | 5.5 | - | 2019-04-22 |
| CVE-2019-9495 | The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns — hostapd with EAP-pwd support | 5.9 | - | 2019-04-17 |

Vulnerabilities classified as CWE-524 (Information Exposure Through Caching) represent 28 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.